Weekly Vulnerabilities Reports > September 15 to 21, 2008
Overview
78 new vulnerabilities were reported during this period, including 16 critical vulnerabilities and 21 high severity vulnerabilities. This weekly summary reports vulnerabilities in 70 products from 47 vendors including Apple, Joomla, Microsoft, Debian, and Gallery. Vulnerabilities are notably categorized as "SQL Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", and "Resource Management Errors".
- 68 reported vulnerabilities are remotely exploitable.
- 28 reported vulnerabilities have a public exploit available.
- 30 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 71 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 19 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
16 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-18 | CVE-2008-2468 | Landesk | Buffer Errors vulnerability in Landesk products Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request, related to the StringToMap and StringSize arguments. | 10.0 |
2008-09-16 | CVE-2008-3616 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions. | 10.0 |
2008-09-16 | CVE-2008-2437 | Trend Micro | Buffer Errors vulnerability in Trend Micro Client-Server-Messaging Security and Officescan Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter. | 10.0 |
2008-09-16 | CVE-2008-4095 | Flip4Mac | Unspecified vulnerability in Flip4Mac WMV Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV before 2.2.1 have unknown impact and attack vectors, different vulnerabilities than CVE-2007-6713. | 10.0 |
2008-09-19 | CVE-2008-4132 | Componentone | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Componentone Vsflexgrid 7.0.1.151/8.0.20072.239 Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne VSFlexGrid 7.0.1.151 and 8.0.20072.239 allows remote attackers to execute arbitrary code via a long first argument to the Archive method. | 9.3 |
2008-09-18 | CVE-2008-2470 | Macrovision | Buffer Overflow vulnerability in Macrovision Flexnet Connect 6.0 The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 404 error response. | 9.3 |
2008-09-18 | CVE-2008-4101 | VIM | Improper Input Validation vulnerability in VIM Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712. | 9.3 |
2008-09-18 | CVE-2008-4116 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Quicktime Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow. | 9.3 |
2008-09-18 | CVE-2008-3961 | Adobe | Remote Code Execution vulnerability in Adobe Illustrator CS2 Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file. | 9.3 |
2008-09-18 | CVE-2008-1093 | Acresso | Code Injection vulnerability in Acresso Flexnet Connect and Intallshield Update Agent Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules. | 9.3 |
2008-09-16 | CVE-2008-4111 | IBM | Unspecified vulnerability in IBM WebSphere Application Server 'FileServing' Feature Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors. | 9.3 |
2008-09-16 | CVE-2008-3621 | Apple | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media. | 9.3 |
2008-09-16 | CVE-2008-3608 | Apple | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile. | 9.3 |
2008-09-16 | CVE-2008-2332 | Apple | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image. | 9.3 |
2008-09-16 | CVE-2008-2305 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names." | 9.3 |
2008-09-16 | CVE-2008-3618 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended. | 9.0 |
21 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-18 | CVE-2008-4096 | Phpmyadmin | Improper Input Validation vulnerability in PHPmyadmin libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function. | 8.5 |
2008-09-19 | CVE-2008-4155 | Easybrik | Path Traversal vulnerability in Easybrik Easysite 2.3 Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. | 7.8 |
2008-09-19 | CVE-2008-4135 | S60 Nokia | Resource Management Errors vulnerability in S60 Symbian OS Unknown Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra-6 and Nseries N82 allows remote attackers to cause a denial of service (device crash) via multiple deauthentication (DeAuth) frames. | 7.8 |
2008-09-18 | CVE-2008-4117 | SUN | Remote Denial of Service vulnerability in SUN Management Center 3.6.1/4.0 Unspecified vulnerability in a web page in the PRM module in Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 7.8 |
2008-09-16 | CVE-2008-3610 | Apple | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list. | 7.6 |
2008-09-16 | CVE-2008-4110 | Microsoft | Buffer Errors vulnerability in Microsoft SQL Server 2000 Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. | 7.6 |
2008-09-19 | CVE-2008-4154 | Living E | SQL Injection vulnerability in Living-E Webedition CMS SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter. | 7.5 |
2008-09-19 | CVE-2008-4134 | Phprealty | Code Injection vulnerability in PHPrealty 0.021/0.022/0.023 PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter. | 7.5 |
2008-09-18 | CVE-2008-4105 | Joomla | Improper Input Validation vulnerability in Joomla JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact. | 7.5 |
2008-09-18 | CVE-2008-4102 | Joomla | Numeric Errors vulnerability in Joomla Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681. | 7.5 |
2008-09-15 | CVE-2008-4092 | Myphpnuke | SQL Injection vulnerability in Myphpnuke 1.8.87/1.8.88 SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter. | 7.5 |
2008-09-15 | CVE-2008-4090 | Couponscript | SQL Injection vulnerability in Couponscript Coupon Script 4.0 SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672. | 7.5 |
2008-09-15 | CVE-2008-4088 | Myphpnuke | SQL Injection vulnerability in Myphpnuke 1.8.87/1.8.88 SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | 7.5 |
2008-09-15 | CVE-2008-4086 | Source Workshop | SQL Injection vulnerability in Source Workshop Reciprocal Links Manager 1.1 SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. | 7.5 |
2008-09-15 | CVE-2008-4081 | Stash | Improper Authentication vulnerability in Stash 1.0.3 admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie. | 7.5 |
2008-09-15 | CVE-2008-4074 | Zanfi Solutions | SQL Injection vulnerability in Zanfi Solutions Autodealers CMS Autonline SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | 7.5 |
2008-09-15 | CVE-2008-4073 | Zanfi Solutions | SQL Injection vulnerability in Zanfi Solutions Autodealers CMS Autonline SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action. | 7.5 |
2008-09-15 | CVE-2008-4072 | Phsdev | SQL Injection vulnerability in Phsdev Phsblog 0.2 Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588. | 7.5 |
2008-09-19 | CVE-2008-4131 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Solaris 10/8/9 Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs. | 7.2 |
2008-09-18 | CVE-2008-4108 | Python Software Foundation | Link Following vulnerability in Python Software Foundation Python 2.4.5 Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. | 7.2 |
2008-09-16 | CVE-2008-3609 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file. | 7.2 |
38 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-19 | CVE-2008-4156 | Customcms | SQL Injection vulnerability in Customcms Gaming Portal 4.0 SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |
2008-09-18 | CVE-2008-3195 | Twiki | Path Traversal vulnerability in Twiki Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. | 6.8 |
2008-09-15 | CVE-2008-4093 | Yourownbux | SQL Injection vulnerability in Yourownbux 3.1/3.2 SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. | 6.8 |
2008-09-15 | CVE-2008-4091 | Source Workshop | SQL Injection vulnerability in Source Workshop web Directory Script 1.5.3 SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. | 6.8 |
2008-09-15 | CVE-2008-4087 | Acoustica | Buffer Errors vulnerability in Acoustica Beatcraft 1.02 Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field. | 6.8 |
2008-09-15 | CVE-2008-4084 | Myiosoft | SQL Injection vulnerability in Myiosoft Easyclassifields 3.0 SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action. | 6.8 |
2008-09-15 | CVE-2008-4080 | Stash | SQL Injection vulnerability in Stash 1.0.3 SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. | 6.8 |
2008-09-15 | CVE-2008-4075 | Dino | Path Traversal vulnerability in Dino D-Iscussion Board 3.01 Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. | 6.8 |
2008-09-18 | CVE-2008-4126 | Debian | Configuration vulnerability in Debian Python-Dns PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | 6.4 |
2008-09-18 | CVE-2008-4099 | Debian | Configuration vulnerability in Debian Python-Dns PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | 6.4 |
2008-09-16 | CVE-2008-3611 | Apple | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen. | 6.3 |
2008-09-16 | CVE-2008-3613 | Apple | Resource Management Errors vulnerability in Apple mac OS X 10.5.2/10.5.3/10.5.4 Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network. | 6.1 |
2008-09-18 | CVE-2008-4104 | Joomla | Link Following vulnerability in Joomla Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL. | 5.8 |
2008-09-18 | CVE-2008-4107 | PHP | Numeric Errors vulnerability in PHP The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102. | 5.1 |
2008-09-18 | CVE-2008-4106 | Wordpress | Improper Input Validation vulnerability in Wordpress WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107. | 5.1 |
2008-09-18 | CVE-2008-3662 | Gallery | Cryptographic Issues vulnerability in Gallery Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. | 5.0 |
2008-09-18 | CVE-2008-4125 | Phpbb | Information Exposure vulnerability in PHPbb 2 The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632. | 5.0 |
2008-09-18 | CVE-2008-4103 | Joomla | Improper Input Validation vulnerability in Joomla COM Mailto The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam. | 5.0 |
2008-09-16 | CVE-2008-4115 | Talkback | Information Exposure vulnerability in Talkback 2.3.6 TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. | 5.0 |
2008-09-16 | CVE-2008-3950 | Apple | Numeric Errors vulnerability in Apple Iphone, Ipod Touch and Safari Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read. | 5.0 |
2008-09-16 | CVE-2008-3617 | Apple | Credentials Management vulnerability in Apple mac OS X and mac OS X Server Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer. | 5.0 |
2008-09-16 | CVE-2008-2331 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator. | 5.0 |
2008-09-15 | CVE-2008-4071 | Adobe Microsoft | Improper Input Validation vulnerability in Adobe Acrobat 9 A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL. | 5.0 |
2008-09-16 | CVE-2008-2330 | Apple | Information Exposure vulnerability in Apple mac OS X Server slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." | 4.9 |
2008-09-16 | CVE-2008-2312 | Apple | Credentials Management vulnerability in Apple mac OS X and mac OS X Server Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. | 4.9 |
2008-09-18 | CVE-2008-4098 | Canonical Debian Mysql Oracle | Link Following vulnerability in multiple products MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. | 4.6 |
2008-09-18 | CVE-2008-4097 | Oracle | Permissions, Privileges, and Access Controls vulnerability in Oracle Mysql 5.0.51A MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. | 4.6 |
2008-09-15 | CVE-2008-4082 | Brim Project | SQL Injection vulnerability in Brim-Project Brim 2.0.0 SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php. | 4.6 |
2008-09-15 | CVE-2008-4085 | Stephenjungels | Link Following vulnerability in Stephenjungels Plait plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/. | 4.4 |
2008-09-19 | CVE-2008-4133 | D Link | Improper Input Validation vulnerability in D-Link Dir-100 1.02/1.12 The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. | 4.3 |
2008-09-18 | CVE-2008-4130 | Gallery | Cross-Site Scripting vulnerability in Gallery Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted Flash animation, related to the ability of the animation to "interact with the embedding page." | 4.3 |
2008-09-18 | CVE-2008-4127 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 7.0.5730/8.0.6001 Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allows remote attackers to cause a denial of service (failure of subsequent image rendering) via a crafted PNG file, related to an infinite loop in the CDwnTaskExec::ThreadExec function. | 4.3 |
2008-09-18 | CVE-2008-4118 | High Norm | Cross-Site Scripting vulnerability in High Norm Sound Master 2ND 1.0 Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-09-16 | CVE-2008-3622 | Apple | Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection." | 4.3 |
2008-09-15 | CVE-2008-4089 | Myphpnuke | Cross-Site Scripting vulnerability in Myphpnuke 1.8.87/1.8.88 Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | 4.3 |
2008-09-15 | CVE-2008-4079 | SIX Apart | Cross-Site Scripting vulnerability in SIX Apart Movable Type Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-09-15 | CVE-2008-4076 | TOR World | Cross-Site Scripting vulnerability in TOR World products Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917. | 4.3 |
2008-09-18 | CVE-2008-4129 | Gallery | Path Traversal vulnerability in Gallery Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-09-15 | CVE-2008-4083 | Brim Project | Cross-Site Scripting vulnerability in Brim-Project Brim 2.0.0 Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. | 3.5 |
2008-09-16 | CVE-2008-3619 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files. | 2.1 |
2008-09-16 | CVE-2008-2329 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. | 1.9 |